MVC :: Bit Lost On First Custom Authorization Attribute?
Mar 2, 2010
I want to create a single custom authorization attribute to be added to controller actions that require authenticated users.
My first shot at this, so I may have it all wrong
Got 3 Roles which corresponds to 3 Areas in my application (Client app, so I'll just call them RoleOne, RoleTwo, RoleThree and AreaOne, AreaTwo, AreaThree).
Each area have similiar (to a point) views and actions, like Sign Up, Area specific home, etc.
In the attribute I want to determine the current area, controller and action. Then I just add code like:
If not logged in, and in AreaOne, go to AreaOne Signup (etc)If logged in as RoleOne, and AreaOne Home is requested, go there, but if AreaTwo Home is requested ,go to AreaTwo Signup So in my attribute class I need to determine the current area, controller and action, and see what kind of user we have logged in (if any)
Using ActionExecutingContext it seems I can determine the contoller and action method names, however I cannot find the Area name, and altered the attribute to be called like this:
[Code]....
View 4 Replies
Similar Messages:
Mar 4, 2010
I have a custom authorization attribute, that basically check if the current user's role is equals to the current area name, and if not, redirect them to the signup view in that requested area. (dummy role provider at this this stage, therefor check it against the user's name at the moment)
It runs fine (IIS) but when I debug it I can see a Security Exception are being thrown by the code
The code:
[Code]....
View 2 Replies
Mar 29, 2011
I am using ASP.NET MVC 3 and am trying to do something that should be really straight forward...
My application uses Forms authentication and that is working perfectly for controllers/actions. For example if I decorate either a controller or an action with the attribute below only members of the administrators group can view them:
[Authorize(Roles="Administrators")]
However I have a folder under the default Scripts folder called Admin. I only want members of the Administrators group to be able to access scripts within this directory so I created a new web.config in the directory with the following inside:
[code]....
However no matter whether a user is a member of the Administrators group or not they receive a 302 Found message and are then redirected to the login page.
If I change the web.config to allow user="*" then it works. It also works if I add an allow users="Username" for a specific user I am testing with.
View 1 Replies
Sep 10, 2010
I have a gridview control that extends the default gridview. I have added an attribute called "hiddenSelectedValues" to to the gridview during the "PreRender" event and I have a private variable that points to the value of that attribute.I have some javascript code that modifies the value of this attribute based on the user checking or unchecking checkboxes in the grid. I have confirmed that the javascript is indeed modifying the value of the "hiddenSelectedValues" attribute by using Firebug to see the change as it happens.
However, once a postback occurs, the grid looses the updated value of this attribute and I am unable to reference get the updated value on the server side.How do I keep the value of an attribute changed by javascript on postback?
View 1 Replies
Sep 10, 2010
I have a gridview control that extends the default gridview. I have added an attribute called "hiddenSelectedValues" to to the gridview during the "PreRender" event and I have a private variable that points to the value of that attribute.
I have some javascript code that modifies the value of this attribute based on the user checking or unchecking checkboxes in the grid. I have confirmed that the javascript is indeed modifying the value of the "hiddenSelectedValues" attribute by using Firebug to see the change as it happens.
However, once a postback occurs, the grid looses the updated value of this attribute and I am unable to reference get the updated value on the server side.
How do I keep the value of an attribute changed by javascript on postback?
View 2 Replies
Dec 29, 2010
I have used standard asp.net roles and membership provider in my asp.net mvc project. The resources like creating an employee and setting its role can only be done by administrator. Now at first delivery of software to client, there will be no user, i want to implement a functionality where if there are no users in the system user can directly create new employee and assign roles without logging in. Once the roles are assigned user will have to log in to access authorized resources. Can i implement custom action filters that will assist me in implementing this functionality? How can i impelment this functionality?
View 1 Replies
Jul 16, 2010
how to write/implement custom authorization filter , i am using my own custom Authentication module and roles and not ASP.net forms authentication and have my user and role information in my sessions...
say Session["role"] = "Admin" or Session["role"] = "User"
how can i write custom filter to prevent users to access certain functionalities i.e Controller actions.
View 1 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Directory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused. You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Finally, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users. see my tables diagram below:
Let's say I assign UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authorization ticket like ASP.NET role prover does too.
View 1 Replies
Feb 21, 2010
I've just started a small ASP.NET web application. In this project, I need to authenticate the users with Active Driectory. I managed to authenticate the users successfully with Active Directory. But with Authorization with Custom Role Provider, I'm so confused.You see, the user name and password are stored in AD. So, my approach is that after the LoggedIn event of the Login Control, I check if UserName is not yet stored in the Users table yet, then I will store the UserName there. Eventually, I have all the UserName of the AD users store in the Users table so I can assign Roles to the users.
Let's say I assigned UserA to RoleOne. After he logs in successfully, I do some query to look for his Roles.
Where do I keep the Role ticket? In the Cookie or in the session? How does the authorization of ASP.NET role provider work? I want to store the authentication ticket like ASP.NET role prover does too.
View 1 Replies
Mar 24, 2010
I am using: .NET 2.0, VS2005
I customized a button from System.Web.UI.WebControls.Button (it is a Custom Control, NOT an User Control, no ascx file)the intention is to adding a OrderID property to the button, that can be bound to a datasource field.
Here is how this control is used in a aspx page:
[Code]....
Here is my definition of the MYButton class, it saved in a .vb file and placed in App_Code folder
[Code]....
Here is the code trying to use the OrderID in btnSave_Click()
[Code]....
The problem is OrderID is always returned as 0.
When first time page is loaded, and gridview is bind to a data source, I step through the code, and the OrderID property are set correctly, but after the postback caused by the button, the OrderID value has lost.
View 3 Replies
Jun 28, 2010
When a user attempts to directly visit the url admin.aspx, and they are not an admin, they are redirected to the login page. However, the user then attempts to visit ViewWeek.aspx, it indicates that they are still logged in. Why does this ASP.NET authorization boot the user to the login screen, yet keep the user logged in? I'd rather it just direct the user to the default URL specified in the forms tag.
Here's my Forms Authentication:
<authentication mode="Forms">
<forms name=".ASPXFORMSAUTH" defaultUrl="ViewWeek.aspx" timeout="50000000" />
</authentication>
View 1 Replies
Mar 8, 2011
Supposing I have a user control like this <MyTag:MyWidget runat="server" /> I am wondering if I can do something like <MyTag:MyWidget runat="server" MemberHeight="400" PublicHeight="200" /> So that in MyWidget.ascx I can have <div height="<%=IsLoggedIn ? MemberHeight : PublicHeight%>"> or something like that...? Because I want the height to vary in each page that is using this widget.
View 2 Replies
Nov 7, 2010
I am trying to create a minimum length validation attribute which will force users to enter the specified minimum amount of characters into a textbox
public sealed class MinimumLengthAttribute : ValidationAttribute
{
public int MinLength { get; set; }
public MinimumLengthAttribute(int minLength)
{
MinLength = minLength;
}
public override bool IsValid(object value)
{
if (value == null)
{
return true;
}
string valueAsString = value as string;
return (valueAsString != null && valueAsString.Length >= MinLength);
}
}
In the constructor of the MinimumLengthAttribute I would like to set the error message as follows:
ErrorMessage = "{0} must be atleast {1} characters long"
How can I get the property's display name so that I can populate the {0} placeholder?
View 1 Replies
Jun 6, 2010
Is it possible to access a parent class from within an attribute.
For example I would like to create a DropDownListAttribute which can be applied to a property of a viewmodel class in MVC and then create a drop down list from an editor template. I am following a similar line as Kazi Manzur Rashid here.
He adds the collection of categories into viewdata and retrieves them using the key supplied to the attribute.
I would like to do something like the below,
public ExampleDropDownViewModel {
public IEnumerable<SelectListItem> Categories {get;set;}
[DropDownList("Categories")]
public int CategoryID { get;set; }
}
The attribute takes the name of the property containing the collection to bind to. I can't figure out how to access a property on the parent class of the attribute. Does anyone know how to do this?
View 2 Replies
Jan 20, 2010
I've create a custom attribute for my web pages... In the base page class I've created I'm trying to pull if that attribute has been set. Unfortunately it does not come back as part of the GetCustomAttributes function. Only if I explicitly use the typeof(myclass) to create the class. I have a feeling it's due to how asp.net classes are generated.
[Code]....
View 1 Replies
Jul 22, 2010
I have some code which is rendering some custom attributes of Hidden Control (without runat=server).
Something like,
And I have a lot of these hidden elements on my form.
When I submit the form, I am looping through a set of ids, say 1200 to 1250, so I will read controls based on that, and also hidden with Request.Form["hdn "]
Now problem is, as we know we get value attribute from form when we do Request.Form["id"] for hidden, I want to read my custom attributes from hidden element. Is there any way? Note that, I can not touch the rendering part here.
View 1 Replies
Jan 21, 2010
I have a class containing the following ConfigurationSection:
namespace DummyConsole {
class TestingComponentSettings: ConfigurationSection {
[ConfigurationProperty("waitForTimeSeconds", IsRequired=true)]
[IntegerValidator(MinValue = 1, MaxValue = 100, ExcludeRange = false)]
[Code]....
The value for the property 'waitForTimeSeconds' is not valid. The error is: The value must be inside the range 1-100.
If I change the IntegerValidator to have an ExcludeRage = true, I (obviously) get:
ConfigurationErrorsException was unhandled
The value for the property 'waitForTimeSeconds' is not valid. The error is: The value must not be in the range 1-100
If I then change the value of the property in the .config to a number higher than 100, it works.
If I change the validator to just have a MaxValue of 100 it works, but will also accept a value of -1.
Is it possible to use the IntegerValidatorAttribute with a range like this?
Edit to add
Confirmed as an issue by Microsoft.
View 1 Replies
Jun 12, 2012
To enable the details of this specific error message to be viewable on remote machines, please create a <customErrors> tag within a "web.config" configuration file located in the root directory of the current web application. This <customErrors> tag should then have its "mode" attribute set to "Off".
I got this error at time of running ma published website but only for 1page this error occurred how it can be solved.
View 1 Replies
Aug 24, 2010
Normally, unknown attributes of a webcontrol are passed through to to the rendered element in the browser. So the following works.
<asp:label runat="server" Text="Label Text" helpId="101" />
However, if you use a namespaced attribute like the following
<asp:label runat="server" Text="Label Text" myNs:helpId="101" /></div>
The attribute is not rendered to the client, even when the custom namespace is declared in the html element like: <html xmlns= [URL] Does anyone know of a way to get this to render to the client, without having to use a custom control. A module or other globally "pluggable" solution would be acceptable.
View 1 Replies
Nov 13, 2010
I'm new to ASP.NET and MVC in particular. Now, I'm trying to understand if I can easily get values of custom attributes of submitted data. For example, When writing something like this inside a form (which works and posts and I can get the checkbox value) <%= Html.CheckBox("cb1", new { listen = "listen:6" }) %> Can I get the value of "listen" directly or do I need JS? (I know I can just use hidden fields, but I'm I'm asking anyway)
View 1 Replies
Jan 19, 2011
I have a wep page in which there are many links with a custom attribute profileID:-
<a href="javascript:__doPostBack('M$C$CandidateSearch1$gdvSearchResult$ctl02$lnkNameAge','')" title="View Details of Saleem Khan (25)" id="M_C_CandidateSearch1_gdvSearchResult_ctl02_lnkNameAge" onclick="window.open('../Popup/ProfilePersonalInformationPopup.aspx?key=3030224&mode=view'
profileID='3030224');return false;">Saleem Khan (25)</a>
now If user type 3030224 in a textbox and press gotoLink button then i have to click that hyper link through code i.e. I have to call
onclick="window.open('../Popup/ProfilePersonalInformationPopup.aspx?key=3030224&mode=view'
for that profile ID.
Now the problem is that how can I search the page and get the <a> object with specific profileid.
View 5 Replies
Jul 22, 2010
I have some code which is rendering some custom attributes of Hidden Control (without runat=server).
Something like,
<input type='hidden' id = 'hdn1221' name = 'hdn1221' OldValue = '12' OldMode = 'A' />
And I have a lot of these hidden elements on my form.
When I submit the form, I am looping through a set of ids, say 1200 to 1250, so I will read controls based on that, and also hidden with Request.Form["hdn<Id> "]
Now problem is, as we know we get value attribute from form when we do Request.Form["id"] for hidden, I want to read my custom attributes from hidden element. Is there any way? Note that, I can not touch the rendering part here.
View 5 Replies
Oct 8, 2010
I have an ASP.NET 3.5 Site where, in some places, I am checking if the currently logged on Active Directory user is in a certain AD Security Group. In the Page_Load I'm doing something like this:
if (isInADGroup(UserGUID))
{
//proceed
}
Now I was wondering, couldn't I just create a Custom Attribute, like some of MVC's security attributes, which runs this check and cancels the execution or displays an error message?
View 1 Replies
Sep 7, 2010
I have a [BeastAuthenticate] attribute on my controller. The following code works fine but I would like to use Contructor (Dependency) Injection with Unity. The problem is that the attribute will run the contructor with no parameters. terfaces ITMSLogger and IADGroups are setup to use Dependency Injection with TMSLogger and ADGroups respectively. The following code works fine but doesn't use dependency injection for class ADGroups.
[Code]....
I tried the following but I'm getting an error ("Object reference is required...") with "this (adGroups).
[Code]....
View 2 Replies
Jan 17, 2011
How do I do something like the following:
[Code]....
View 2 Replies
